Application-Specific Message Protection

When the Enterprise Server provided configuration is insufficient
for your security needs, and you want to override the default protection,
you can apply application-specific message security to
a web service.

Application-specific security is implemented by adding the message
security binding to the web service endpoint, whether it is an EJB
or servlet web service endpoint. Modify Sun-specific XML files to
add the message binding information.

Message security can also be specified using a WSIT security
policy in the WSDL file. For details, see the WSIT page at https://wsit.dev.java.net/.